Over the past several days, cybercriminals have been persistently spamvertising thousands of exploit- and malware-serving links across the most popular micro-blogging service. Upon clicking on the links, users are exposed to the exploits served by the Black Hole web malware exploitation kit.

What’s so special about this campaign? What’s the detection rate of the malware it drops? Where does it phone back to once it’s executed? Have we seen additional malware phone back to the same command and control servers, indicating a connection between these campaigns? Let’s find out.

Next to English-speaking users, the campaign has also been targeting Russian users since July 23rd, 2012.

The cybercriminals behind the campaign are also using a publicly available hit counter to measure the success of the campaign.

The campaign is currently propagating in the following way: the spamvertised links point to an automatically generated subdomain hosting an .html file named after the prospective victim. The cybercriminals behind the campaign are harvesting Twitter user names and then automatically generating the corresponding username.html files. For the time being, they’re relying on only two static propagation messages, namely “It’s about уou?” and “It’s уou оn photo?”, both of which substitute Cyrillic letters for Latin ones.
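As an added defender-side example (not code from the original post), a small Python triage filter for the propagation pattern just described: a tweet is flagged when its lure text mixes Cyrillic letters into Latin words, as the two static messages do, and it carries a link to <username>.html for the mentioned user on a multi-label host. The sample tweets, host names and user names are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Constructed sample tweets (not real campaign data). The first mirrors the pattern
# on the page: a static lure with Cyrillic 'у' (U+0443) and 'о' (U+043E) swapped into
# Latin words, plus a link to <username>.html on a throwaway subdomain.
SAMPLE_TWEETS = [
    "@alice It\u2019s \u0443ou \u043en photo? http://k8d2q1.example.net/alice.html",
    "@alice It's you on the photo from Saturday! http://example.net/photos/2012",
]

def script_of(ch):
    """Script family taken from the character's Unicode name, e.g. 'LATIN' or 'CYRILLIC'."""
    name = unicodedata.name(ch, "")
    return name.split()[0] if name else "UNKNOWN"

def mixed_script_words(text):
    """Words that mix Latin and Cyrillic letters: the homoglyph trick in the lure text."""
    hits = []
    for word in text.split():
        scripts = {script_of(c) for c in word if c.isalpha()}
        if {"LATIN", "CYRILLIC"} <= scripts:
            hits.append(word)
    return hits

def username_html_links(text):
    """Links whose last path element is <mentioned user>.html on a host with 3+ labels."""
    mentioned = [m.lower() for m in re.findall(r"@(\w+)", text)]
    hits = []
    for url in re.findall(r"https?://\S+", text):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        leaf = parsed.path.rsplit("/", 1)[-1].lower()
        if host.count(".") >= 2 and any(leaf == f"{u}.html" for u in mentioned):
            hits.append(url)
    return hits

def is_suspicious(tweet):
    """Both signals together: homoglyph lure text and a personalised username.html link."""
    return bool(mixed_script_words(tweet)) and bool(username_html_links(tweet))

if __name__ == "__main__":
    for t in SAMPLE_TWEETS:
        print(is_suspicious(t), t)
```

Either signal alone produces false positives (legitimate mixed-script tweets, ordinary personal pages), so the filter only flags when both are present.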

We’ve already seen malware phoning back to the same command and control server in the recently profiled “Spamvertised ‘Download your USPS Label’ themed emails serve malware” campaign. Clearly, both campaigns are launched by the same cybercriminal or gang of cybercriminals, who are simply rotating the distribution and infection vectors of their campaigns.

Hello Dan,
I have had my cell phone (iPhone 4) and iPad 1 both hacked, along with my PC. I think IOLO software will fix the PC, but everything else feels like I may have malware. Slow, don’t resolve to host. I’ve had personal pics that both I and the virus/Trojan have compromised. I’m by no means the entire victim here, but there’s nothing definitive to report that I would or could take to Geek Squad. Other than what I remember, rotten deeds I feel I may have done. I don’t have a good phone to call or I would have.
Please advise candidly as to who would be best to contact, bad if you feel the threats against me are valid.
Regards
Derek DeMss